CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12232 – kernel: NULL pointer dereference if close and fchownat system calls share a socket file descriptor
https://notcve.org/view.php?id=CVE-2018-12232
12 Jun 2018 — In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash. En net/socket.c en el kernel de Linux hasta la versión 4.17.1, hay una condición de carrera entr... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2018-12233
https://notcve.org/view.php?id=CVE-2018-12233
12 Jun 2018 — In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr. En la función ea_get en fs/jfs/xattr.c en el kernel de Linux hasta la versión 4.17.1, un error de corrupción de... • http://www.securityfocus.com/bid/104452 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1000200 – kernel: NULL pointer dereference on OOM kill of large mlocked process
https://notcve.org/view.php?id=CVE-2018-1000200
05 Jun 2018 — The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked). Las versiones 4.14, 4.15 ... • http://seclists.org/oss-sec/2018/q2/67 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 2CVE-2018-11508 – Linux Kernel 4.13 - 'compat_get_timex()' Leak Kernel Pointer
https://notcve.org/view.php?id=CVE-2018-11508
28 May 2018 — The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. Se ha descubierto un problema en Moodle 3.x. Al sustituir URL en los portfolios, los usuarios pueden instanciar cualquier clase. Esto también puede ser explotado por usuarios que hayan iniciado sesión como invitados para lanzar un ataque DDoS. Linux kernel version 4.13 suffers from a compat_get_timex() kernel pointer leak vulnerability. • https://www.exploit-db.com/exploits/46208 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-11506 – kernel: Stack-based buffer overflow in drivers/scsi/sr_ioctl.c allows denial of service or other unspecified impact
https://notcve.org/view.php?id=CVE-2018-11506
28 May 2018 — The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call. La función sr_do_ioctl en drivers/scsi/sr_ioctl.c en el kernel de Linux hasta 4.16.12 permite a los usuarios locales causar una denegación de servicio (desbordamiento de búfe... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f7068114d45ec55996b9040e98111afa56e010fe • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 3%CPEs: 3EXPL: 3CVE-2018-11412 – Linux Kernel < 4.16.11 - 'ext4_read_inline_data()' Memory Corruption
https://notcve.org/view.php?id=CVE-2018-11412
24 May 2018 — In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. En el kernel de Linux de la versión 4.13 hasta la 4.16.11, ext4_read_inline_data() en fs/ext4/inline.c realiza un memcpy con un valor de longitud no fiable en ciertas circunstancias que implica un sistema de archivos manipulado que almacena el va... • https://www.exploit-db.com/exploits/44832 • CWE-416: Use After Free CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 2CVE-2018-1120 – Procps-ng - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1120
22 May 2018 — A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18270 – kernel: improper keyrings creation
https://notcve.org/view.php?id=CVE-2017-18270
18 May 2018 — In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service. En el kernel de Linux, en versiones anteriores a la 4.13.5, un usuario local podría crear keyrings para otros usuarios mediante comandos keyctl, estableciendo configuraciones por defecto no deseadas o provocando una denegación de servicio (DoS). A flaw was found in the Linux kernel in the way a local user could create keyrings for other users vi... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11232
https://notcve.org/view.php?id=CVE-2018-11232
18 May 2018 — The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable. La función etm_setup_aux function en drivers/hwtracing/coresight/coresight-etm-perf.c en el kernel de Linux en versiones anteriores a la 4.10.2 permite que los atacantes provoquen una denegación de servicio (pánico) debido a que un parámetro se emplea de forma incorrecta como variabl... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f09444639099584bc4784dfcd85ada67c6f33e0f • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1118 – kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
https://notcve.org/view.php?id=CVE-2018-1118
10 May 2018 — Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. El vhost del kernel de Linux desde la versión 4.8 no inicializa correctamente la memoria en los mensajes que se pasan entre invitados virtuales y el sistema operativo host en la función vhost/vhos... • https://access.redhat.com/errata/RHSA-2018:2948 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •